Western Digital Corp. has issued an update on a network security incident that transpired on March 26, 2023, in which an unauthorized third party accessed several of the company's systems. 

Western Digital immediately reported the breach and initiated an investigation with the assistance of top security experts. To secure its operations, the company disconnected its systems and services from the public internet. While the investigation continues, most impacted systems and services have been restored, with product shipments maintaining customer demand. The My Cloud service was reinstated on April 13, 2023, and access to Western Digital's online store accounts is anticipated to be restored by the week of May 15, 2023.

The unauthorized party obtained a copy of a database utilized for the online store, containing personal customer information, such as names, billing and shipping addresses, email addresses, and telephone numbers. Encrypted hashed and salted passwords and partial credit card numbers were also included in the database. Western Digital is collaborating with external forensic experts to examine the extent of the breach and will directly contact affected customers.

We are aware that other alleged Western Digital information has been made public. We are investigating the validity of this data and will continue reporting our findings as appropriate.

Regarding reports of the potential to fraudulently use digital signing technology allegedly attributed to Western Digital in consumer products, we can confirm that we have control over our digital certificate infrastructure. In the event we need to take precautionary measures to protect customers, we are equipped to revoke certificates as needed. We'd like to remind consumers to always use caution when downloading applications from non-reputable sources on the Internet.

This press release contains forward-looking statements within the meaning of the federal securities laws, including statements regarding the network security incident, our related responsive actions and communications, the restoration of our systems and services and our ability to implement additional precautionary measures. The forward-looking statements contained in this press release are based on management's current expectations and are subject to risks and uncertainties that could cause actual results to differ materially from those expressed or implied in the forward-looking statements, including: additional information regarding the extent of the network security incident that we may uncover during our ongoing investigation, our ability to fully assess and remedy the security incident, and the possibility of additional disruption to our Company's business operations caused by the security incident. Additional risks and uncertainties that may cause actual results to differ materially include the risks and uncertainties listed in the Company's filings with the Securities and Exchange Commission (the "SEC"), including the Company's Form 10-K filed with the SEC on August 25, 2022, to which your attention is directed. You should not place undue reliance on these forward-looking statements, which speak only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements to reflect new information or events, except as required by law.

Western Digital Addresses Security Breach and Restores Impacted Systems